May 2019
Intermediate to advanced
620 pages
21h 41m
English
By default, the Windows Server running Azure AD Connect, on which PTA was configured, acts as the first and only PTA Agent.
To make PTA (geo-)redundant, so that end-user authentication does not depend on a single Windows Server installation, additional PTA Agents can be added.
So, how many PTA Agents should you place? Microsoft recommends a minimum of three PTA Agents per tenant, depending on the number of user objects that use PTA. Each PTA Agent is equipped with its own certificate and uses that certificate's private key to decrypt authentication requests.
The Azure AD Authentication Service puts each authentication request on the Azure Service Bus, specifically encrypted for each of the registered PTA Agents. Registering unnecessary PTA Agents ...
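The per-agent encryption described above can be modelled in a few lines. This is an added example, not code from the book or from Microsoft; the agent names, the request fields and the use of RSA-OAEP are assumptions made for illustration. The text only states that each agent decrypts with its own certificate's private key.

```javascript
// Simplified model of PTA request fan-out (added example, not Microsoft's protocol code).
const crypto = require('node:crypto');

// Assumed padding choice; the page does not name the algorithm.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each agent registers with its own key pair; the private key stays on the agent.
function registerAgent(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Service side: one ciphertext per registered agent, whether or not that agent is online.
function enqueueRequest(registeredAgents, request) {
  const plaintext = Buffer.from(JSON.stringify(request));
  return registeredAgents.map((agent) => ({
    forAgent: agent.name,
    ciphertext: crypto.publicEncrypt({ key: agent.publicKey, ...OAEP }, plaintext),
  }));
}

// Agent side: returns the request if this agent's private key opens the copy, else null.
function tryDecrypt(agent, message) {
  try {
    const pt = crypto.privateDecrypt({ key: agent.privateKey, ...OAEP }, message.ciphertext);
    return JSON.parse(pt.toString());
  } catch {
    return null; // copy was encrypted for a different agent
  }
}

function simulate() {
  const agents = ['pta-01', 'pta-02', 'pta-03'].map(registerAgent); // constructed names
  const request = { user: 'alice@example.com', credential: 'constructed-sample' };
  const queue = enqueueRequest(agents, request);
  const online = agents[1]; // pretend only pta-02 is reachable
  return {
    copies: queue.length, // grows with every registered agent
    ownCopy: tryDecrypt(online, queue.find((m) => m.forAgent === online.name)),
    foreignCopy: tryDecrypt(online, queue.find((m) => m.forAgent !== online.name)),
  };
}

console.log(simulate());
```

Any single reachable agent can serve the request from its own copy, while copies addressed to other agents stay opaque to it.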